As of late, WhatsApp seems to be making headlines for the wrong reasons. Not too long, a flaw was discovered on the messaging app that allowed anyone to block the legitimate owner's access to his account. Now, security researchers have discovered another flaw that could allow third parties to stalk users without their permission.
Discovered by researchers in cybersecurity firm Traced, the issue lies with the online status feature of WhatsApp that is available by default. The aim of the online feature is to let people know when you're online. However, unlike features such as Last Seen and Status messages, WhatsApp doesn't give you the option to disable or change your online status...which is what third parties exploit.
Also Read: YouTube Twin Pranksters Who Staged Fake Bank Robberies Pleads Guilty
Traced found many online status trackers that market themselves as a solution to help people know when their contacts come online. The services of these trackers could as well be used by cyber-stalkers to constantly monitor others.
"You can enter any phone number, and if that person uses WhatsApp. the status tracker will provide the exact date and time that person opened WhatsApp," Tracked said in a blog post explaining how easy the process is.
However, some trackers even go further to allow users to enter the phone numbers of two individuals and it then shows whether the two users are chatting with each other on the app at a particular time.
Since Google doesn't allow cyberstalking apps to be published on the Play Store, WhatsApp tracking apps on the Play Store masquerade as a solution to let parents and guardians know when their loved ones are online on WhatsApp.
However, most web-based trackers don't hide the services rendered as they are promoted clearly as a solution to track individual's WhatsApp accounts.
When contacted, a WhatsApp spokesperson said that using automating tools to scrape information on its platform was a violation of its terms of service and that they regularly reach out to app stores, seeking the removal of such apps, while associated accounts are banned.
"We provide a setting to allow people to chose who can view the time a user was 'last seen' within WhatsApp. To help prevent abuse, we regularly work with app stores to seek the removal of apps that attempt to violate our terms of service. We have banned the WhatsApp accounts associated with such websites, requested Google remove sich apps from Play Store, and also take legal action, as appropriate. Automating WhatsApp's features to scrape information is a violation of our terms of service and we will continue to take action to protect the privacy of our users and help prevent abuse." the WhatsApp spokesperson said.